The State Information and Communication Technologies Oversight Authority – Setic has commenced certification in the Information Security Policy (PSI), aimed at public servants, trainees and others working within the scope of Setic.
In 2021, Setic defined the Information Security Policy – PSI, published in the Official Gazette on July 9 by Order No. 97. The order regulates Setic’s commitment to data protection and defines everything that is important in the field of information security, taking into account national laws and international information security standards. It must be complied with by all concerned, both internal and external to the regulatory body.
Building on this, the course is provided through the Virtual Learning Environment – AVA, contains 12 modules with a workload of 10 hours, and is organized by the Setic Security Coordinator. It aims to enhance knowledge of information security policy and its relevance in the country context, as well as to improve the level of participants.
According to Eduardo Falkemback Zimmer, IT analyst from Setic Information Security Format, after the PSI’s deployment Setic aims to organize training so that public servants know more about the subject and thus protect not only professional data but also personal data, given that this is a growing demand due to the ongoing risk of information leaks.
“Information security is a cross-cutting topic and an important asset in human relations and public administrations, as it deals with physical and technological protection, and organizational awareness, and each of these areas has threats, vulnerabilities, and risks, generating ongoing challenges that require care. Special offers and limitations. Based on this premise, the PSI has been prepared, is already in force and will be reviewed at most every two years as needed.”
The Information Security Policy is already in place and has been published in the Official Gazette of the State by Order No. 97, which regulates Setic’s obligation to protect its information and states that it must be complied with by all concerned, internal and external to the oversight authority, whether they are servants or employees, trainees, service providers, or any citizen who has access to information on the Setic Data Network.
Among the main objectives of PSI 1.0 are “to contribute to the security of the individual, society and the state, by directing information security measures, observing basic rights and guarantees and allowing the adoption of integrated security solutions, as well as directing all security measures to reduce risks and ensure the integrity, confidentiality and availability of information from information systems and technological resources,” Zimmer highlights.
The law also defines an access account, which is the user identification tool in the Setic data network; it is for single use and is non-transferable.
In order to develop PSI 1.0, Setic used as a reference some of the laws already in force. Among them are Federal Law No. 13709 of August 14, 2018 – General Law on the Protection of Personal Data – LGPD; Federal Law No. 12965 of April 23, 2014, the Civil Rights Framework for the Internet; and Federal Law No. 12527 of November 18, 2011, dealing with Access to Information – LAI; as well as the Internet Security Handbook and the Standard Instructions for Information Security Management – DSI of the Institutional Security Office of the Presidency of the Republic – GSI. PSI 1.0 will be reviewed and updated periodically, at most every two years, if there are no relevant events or facts that require immediate review.